[LTP] [LTP v4 4/5] IMA: Add a test to verify measurement of certificate imported into a keyring
Mimi Zohar
zohar@linux.ibm.com
Fri Aug 28 17:21:19 CEST 2020
On Fri, 2020-08-28 at 14:49 +0200, Petr Vorel wrote:
> > On Fri, 2020-08-28 at 08:05 +0200, Petr Vorel wrote:
> > > BTW there are also plans for reboot support [1] [2], that could be used as
> > > workaround for configuration without CONFIG_IMA_READ_POLICY=y and
> > > CONFIG_IMA_WRITE_POLICY=y.
> > The reboot support could also be used for carrying the IMA measurement
> > list across kexec and verifying the TPM PCRs.
> Adding into my TODO list. I'd just run whole test ima_kexec.sh twice and reboot
> in between.
The ima_kexec.sh tests measures the kexec boot cmdline and kernel
image. What's needed is walking the measurement list re-calculating
the PCRs and then verifying them against the actual TPM PCRs. Maybe
running the ima_tpm.sh test twice.
Mimi
More information about the ltp
mailing list